Description
Similar to MDEV-28374 but no PROCEDURE ANALYSE() is required here.
CREATE TABLE t (c DOUBLE) ENGINE=InnoDB;
INSERT INTO t VALUES ('1e4294967297');
Leads to:
10.11.0 fe1f8f2c6b6f3b8e3383168225f9ae7853028947 (Debug)
/test/10.11_dbg_san/strings/dtoa.c:1481:16: runtime error: signed integer overflow: 429496729 * 10 cannot be represented in type 'int'

10.11.0 fe1f8f2c6b6f3b8e3383168225f9ae7853028947 (Debug)
#0 0x557791cc50de in my_strtod_int /test/10.11_dbg_san/strings/dtoa.c:1481
#1 0x557791cc50de in my_strtod /test/10.11_dbg_san/strings/dtoa.c:469
#2 0x557791bb71e2 in my_strntod_8bit /test/10.11_dbg_san/strings/ctype-simple.c:799
#3 0x55778effb05a in charset_info_st::strntod(char*, unsigned long, char**, int*) const /test/10.11_dbg_san/include/m_ctype.h:899
#4 0x55778effb05a in Field_real::get_double(char const*, unsigned long, charset_info_st const*, int*) /test/10.11_dbg_san/sql/field.cc:1838
#5 0x55778effbb02 in Field_double::store(char const*, unsigned long, charset_info_st const*) /test/10.11_dbg_san/sql/field.cc:4868
#6 0x55778f1c5fdd in Item::save_str_value_in_field(Field*, String*) /test/10.11_dbg_san/sql/item.cc:407
#7 0x55778f1c641f in Item_string::save_in_field(Field*, bool) /test/10.11_dbg_san/sql/item.cc:6867
#8 0x55778d4826df in fill_record(THD*, TABLE*, Field**, List<Item>&, bool, bool) /test/10.11_dbg_san/sql/sql_base.cc:9196
#9 0x55778d482be8 in fill_record_n_invoke_before_triggers(THD*, TABLE*, Field**, List<Item>&, bool, trg_event_type) /test/10.11_dbg_san/sql/sql_base.cc:9251
#10 0x55778d6a3853 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/10.11_dbg_san/sql/sql_insert.cc:1089
#11 0x55778d8fe912 in mysql_execute_command(THD*, bool) /test/10.11_dbg_san/sql/sql_parse.cc:4563
#12 0x55778d861c88 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_dbg_san/sql/sql_parse.cc:8035
#13 0x55778d8ce85f in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_dbg_san/sql/sql_parse.cc:1894
#14 0x55778d8e0a70 in do_command(THD*, bool) /test/10.11_dbg_san/sql/sql_parse.cc:1407
#15 0x55778e351b41 in do_handle_one_connection(CONNECT*, bool) /test/10.11_dbg_san/sql/sql_connect.cc:1418
#16 0x55778e35432c in handle_one_connection /test/10.11_dbg_san/sql/sql_connect.cc:1312
#17 0x1474580e9608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#18 0x14745735e132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
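What the UBSAN message is pointing at is the exponent part of the literal: 4294967297 has ten digits, and folding them into a 32-bit int one digit at a time reaches 429496729 after nine of them, so the next v * 10 step exceeds INT_MAX. The program below is an added example, not MariaDB's strings/dtoa.c; it assumes the classic strtod-style exponent loop (digits accumulated into an int, with the digit-count check applied only after the loop) and uses names chosen here for illustration (EXP_CAP, digits_overflow_int, parse_exponent). It locates the overflow step with a checked accumulator instead of actually overflowing, and shows a bounded parser that limits the digit count before any multiply:

```c
/* Added example (not MariaDB's strings/dtoa.c): a bounded exponent parser in
 * the style of the classic strtod exponent loop, plus a checked accumulator
 * that reports where folding the digits of "4294967297" into an int would
 * overflow. EXP_CAP, parse_exponent and digits_overflow_int are names chosen
 * here for illustration. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Saturation value for absurdly large exponents: any |exponent| this large
 * over- or underflows a double regardless of the mantissa, so its exact
 * value is irrelevant and never needs to be computed. */
#define EXP_CAP 19999

/* Checked accumulation: walks the digit string the way a naive loop would
 * (v = v*10 + d) but tests for overflow BEFORE each multiply. Returns true
 * if the naive loop would overflow, leaving *partial at the last safe value,
 * which is exactly the operand UBSAN names in its message. */
bool digits_overflow_int(const char *digits, int *partial)
{
    int v = 0;
    for (size_t i = 0; digits[i] >= '0' && digits[i] <= '9'; i++) {
        int d = digits[i] - '0';
        if (v > (INT_MAX - d) / 10) {   /* v*10 + d would exceed INT_MAX */
            *partial = v;
            return true;
        }
        v = v * 10 + d;
    }
    *partial = v;
    return false;
}

/* Bounded exponent parser. Parses an optional sign and a run of decimal digits
 * (the text after 'e'/'E' in a float literal) into *out. Only the first 8
 * significant digits are ever accumulated, so the arithmetic cannot overflow;
 * an exponent with more than 8 significant digits, or a value above EXP_CAP,
 * saturates to +/-EXP_CAP. Returns the number of bytes consumed, 0 if there
 * were no digits (a caller would then treat the 'e' as not an exponent). */
size_t parse_exponent(const char *s, int *out)
{
    size_t i = 0;
    bool neg = false;
    if (s[i] == '+' || s[i] == '-') {
        neg = (s[i] == '-');
        i++;
    }
    size_t digits_start = i;
    while (s[i] == '0')             /* leading zeros add no value */
        i++;
    size_t sig_start = i;
    int v = 0;                      /* at most 8 digits: < 10^8, fits an int */
    while (s[i] >= '0' && s[i] <= '9') {
        if (i - sig_start < 8)
            v = v * 10 + (s[i] - '0');
        i++;                        /* extra digits are counted, not accumulated */
    }
    if (i == digits_start) {
        *out = 0;
        return 0;                   /* no digits at all: not an exponent */
    }
    int e = (i - sig_start > 8 || v > EXP_CAP) ? EXP_CAP : v;
    *out = neg ? -e : e;
    return i;
}

int main(void)
{
    /* The exponent digits from the reproducer literal '1e4294967297'. */
    const char *exp_text = "4294967297";
    int partial, e;

    if (digits_overflow_int(exp_text, &partial))
        printf("naive accumulation overflows at %d * 10\n", partial);

    size_t n = parse_exponent(exp_text, &e);
    printf("bounded parse consumed %zu bytes, exponent saturated to %d\n", n, e);

    /* Ordinary exponents are unaffected by the cap. */
    parse_exponent("-308", &e);
    printf("'-308' -> %d\n", e);
    return 0;
}
```

Signed overflow is undefined behaviour in C, so even where a wrapped value would later be discarded by a digit-count check, the compiler is entitled to assume the multiply never overflows and to optimise on that assumption; the robust pattern is to bound the digit count, or compare against INT_MAX / 10, before the multiply rather than after it.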
|
Setup:
Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
export UBSAN_OPTIONS=print_stacktrace=1
Bug confirmed present in:
MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)
A large number of issues were seen across versions. All UniqueIDs seen:
UBSAN|signed integer overflow: X * Y cannot be represented in type 'int'|strings/dtoa.c|my_strtod_int|my_strtod|Field_real::get_double|Field_double::store
UBSAN|signed integer overflow: X * Y cannot be represented in type 'int'|strings/dtoa.c|my_strtod_int|my_strtod|charset_info_st::strntod|Field_real::get_double
UBSAN|signed integer overflow: X * Y cannot be represented in type 'int'|strings/dtoa.c|my_strtod_int|my_strtod|my_strntod_8bit|Field_real::get_double
UBSAN|signed integer overflow: X * Y cannot be represented in type 'int'|strings/dtoa.c|my_strtod_int|my_strtod|my_strntod_8bit|charset_info_st::strntod
|
Issue Links
- relates to MDEV-25454 Make MariaDB server UBSAN safe (Confirmed)
- relates to MDEV-28374 UBSAN: runtime error: signed integer overflow: 10000000000000 * 10000000000000 cannot be represented in type 'long long int' in sql/sql_analyse.cc (Confirmed)
- relates to MDEV-28345 ASAN: use-after-poison or unknown-crash in my_strtod_int from charset_info_st::strntod or test_if_number (Closed)